IntSights' Blog

A Common Retailer Dark Web Profile: What We Found In Our Search

The Dark Web has evolved over the past few years in many ways, but one of the biggest changes is the amount of information you can find via Dark Web forums and black markets. This increase in Dark Web data developed when hackers started focusing on new targets that weren’t in the landscape before. As more industries move their businesses online, their digital attack surfaces have increased dramatically, which has given hackers new targets and scam opportunities. One of the new victims of this shift is the retail and eCommerce sector.

For this blog, we will share examples of common retailer data found across the Dark Web and build a “Dark Web profile” for a typical retail company.

How Hackers Target Retail Companies

Imagine you run a successful eCommerce site. After a recent ad campaign, you see that every product you sell has sold out within seconds of the ad running. You go home to your family and celebrate your success, but little do you know that a hacker has targeted your site and bought your whole stock of products, making it unavailable to your typical customers.

These products are later sold on dark web platforms by the hacker, who makes hundreds of dollars in profit from selling a product that is no longer in stock on your site (a shortage they forced with their original purchase). It doesn't take long for your customers to become upset, and your site’s reputation begins to fall.

These cyber attacks against Retail and eCommerce shops can be incredibly damaging to both profits and reputation. Yet, many retail organizations aren’t aware of these attacks happening and don’t have the resources to fight back against them.

Key Findings from our Retail Dark Web Search

To help you understand how cybercriminals target retail companies, we've searched the Dark Web for common tactics and examples of eCommerce scams. Here's what we found.

Individual Suppliers

Using the Dark Web, individuals can now become independent suppliers by developing tools that enable them to buy the entire stock of a product from an eCommerce shop and then sell that item for more money (see Figure 1). Once a hacker has bought all the units of a popular product, consumers have no other options but to buy it from the hacker. And because fads and product obsession drive such high demand, this tactic usually works.

Figure 1: Example of Item Being Re-Sold on Illegal Online Market

Most of these items can be found in the Black Markets; however, the integrity of these posts is questionable at best. The hackers don’t always have the intention of giving you your money's worth once you’ve paid. Some of these published posts are scams, where they’ll take your money and either send you a knock-off version or not send you anything at all.

Trading Promo Codes

Figure 2: Example of Promo Codes for Sale

Retail products are not the only thing that you can find on the Dark Web. Hackers often sell other items, such as gift cards and promo codes (see Figure 2). Another common tactic is developing a mechanism to create gift cards for popular brands on their own (see Figures 3 and 4). This tool is known as a gift card generator, and it is a relatively new service hackers offer in dark web forums.

Every gift card uses an ID number which ties back to an account in the retailer's database. These gift card generators use a bot that generates ID numbers, checks their validity against public algorithms, and then finally checks to see if they have a balance remaining. The hackers can then sell these gift card balances for profit or use them to buy their own goods, which they will later sell on their own. As you might expect, these gift card generators can be very unreliable and are often just scams set up to get users to buy gift cards that don't actually work.

For this type of scheme, it doesn't matter how hackers obtain these gift cards, whether it's buying them at a discount, stealing them from a company database, or developing a mechanism to create gift cards on their own. All of these tactics can significantly eat into a company’s profits and damage brand reputation.
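On the retailer's side, the generator bot described above shows up as a single client looking up many distinct card IDs that mostly do not exist. The following is an added example, not part of the original post: the log format, field names, thresholds and sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 3, 1, 12, 0, 0)

def _line(sec, client, card, result):
    return f"{(T0 + timedelta(seconds=sec)).isoformat()} {client} {card} {result}"

# Constructed sample balance-check log: "timestamp client card_id result".
# result: ok (card exists, has balance), zero (exists, empty), unknown (no such card).
SAMPLE_LOG = (
    # One customer re-checking two of their own cards.
    [_line(0, "198.51.100.20", "GC000501", "ok"),
     _line(40, "198.51.100.20", "GC000502", "zero"),
     _line(900, "198.51.100.20", "GC000501", "ok")]
    # Shared store address: many cards, but all of them real.
    + [_line(5 * i, "192.0.2.50", f"GC{2000 + i:06d}", "ok") for i in range(12)]
    # Enumerating client: 30 distinct IDs in a minute, one hit.
    + [_line(2 * i, "203.0.113.7", f"GC{9000 + i:06d}",
             "ok" if i == 17 else "unknown") for i in range(30)]
)

def find_enumerators(lines, window=timedelta(minutes=5), max_cards=10, min_miss_ratio=0.8):
    """Return {client: (distinct_cards, miss_ratio)} for the worst window of each
    client that looked up > max_cards distinct IDs with >= min_miss_ratio unknown."""
    by_client = defaultdict(list)
    for line in lines:
        ts, client, card, result = line.split()
        by_client[client].append((datetime.fromisoformat(ts), card, result))
    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            cards = {card for _, card, _ in span}
            ratio = sum(r == "unknown" for _, _, r in span) / len(span)
            if len(cards) > max_cards and ratio >= min_miss_ratio:
                if client not in flagged or len(cards) > flagged[client][0]:
                    flagged[client] = (len(cards), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for client, (cards, ratio) in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {cards} distinct cards, {ratio:.0%} unknown")
```

The shared store address is left alone because its lookups all resolve to real cards; volume alone is not the signal, the miss ratio is.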

Figure 3: Example of a Gift Card Generator for Popular Food Retailer

Figure 4: Example of Gift Card Generator

Carding Methods

Another bit of information hackers trade on retail companies is carding methods. Carding methods are tactics to help you manipulate the details of someone else's credit card to your advantage. Many hackers sell carding methods on retail companies so other hackers can buy products with stolen credit cards and not get caught (see Figure 5).

Figure 5: Example of a Carding Method Sold on the Dark Web

Premium Users

Finally, you can also find instances of hackers selling the account details of “Premium Users” on the Dark Web. A premium user account is an account that has achieved some sort of benefit or reward status on the retailer’s site due to their buying activities.

Many retail and eCommerce companies decide to reward a user that is active on their site by giving them points for every purchase they make. The user can later use these points to purchase other items on the retailer’s site. However, these “Premium Users” have become popular targets for hackers. If a hacker gains access to a user’s account, they can use that in a number of different ways, like:

Selling the user’s login information online

Selling the user’s points

Using the points to buy “free” goods they can later sell for a profit

In addition, because people typically use similar passwords for their different accounts, a hacker can likely guess the login information for other sites to continue exploiting this “Premium User”.

Figure 6: Example of a “Premium User” account for sale on the Dark Web

Conclusion

Although retail companies are fairly new targets for criminals, the profits they can generate are huge due to the increasing number of eCommerce transactions. It’s become incredibly easy for cybercriminals to run schemes that exploit both retailers and consumers, and as a result, they’ve been able to build a highly profitable revenue source.

Retail organizations need to be aware of these tactics and monitor for them on the Dark Web. Leveraging Dark Web reconnaissance can help you identify retail schemes before they’re carried out. Not only will this protect your profit margins, but it will also help you protect your customers, helping you maintain (or even strengthen) your brand credibility and reputation.

Orin Mor is a Security Researcher at IntSights, focused on hunting for new threats and threat actors on the Dark Web, and working to identify new attack strategies and vectors. Prior to IntSights, she served for 5 years as a Security Researcher in an elite intelligence unit in the Israeli Defense Forces, specializing in cyber operations, data mining and threat research.